Page MenuHomePhabricator

Add Scrive to Privacy documentation
Open, Needs TriagePublic

Description

Having adopted Scrive as our go-to service for digital signatures we need to integrate it into our Privacy documentation and work flow.

While most of the documents are of a contractual nature and so will get saved for other reasons it is worth noticing the following.

  1. Data gets stored in Scrive even if the user does not sign the document, even if the document is never sent to them (kept as a draft). this data may include more sensitive info such as personnr.
  2. Data gets stored in Scrive beyond what a user might expect (e.g. if they opened the e-mail, if they looked at the document)
  3. Data might get distributed to third parties (e.g. Fortnox) or moved to other systems, e.g. exported to Drive

Event Timeline

  1. Data gets stored in Scrive even if the user does not sign the document, even if the document is never sent to them (kept as a draft). this data may include more sensitive info such as personnr.

Note that this can be ameliorated by the appropriate settings in https://scrive.com/account#data-retention, e.g. deleting drafts, rejected, unsigned document after a certain time [such details would go into Registerförteckning och rensningsrutiner)]

  1. Data gets stored in Scrive beyond what a user might expect (e.g. if they opened the e-mail, if they looked at the document)

The e-mail tracking we can do nothing about. But we can include a footer in all e-mails which makes clear that this is happening (also tracking of the link). Explain that if they sign the document this is part of the evidence chain but if they choose not to sign it they can request deletion by contacting integritet@)

  1. Data might get distributed to third parties (e.g. Fortnox) or moved to other systems, e.g. exported to Drive

Again a footer in the e-mail is probably the way forward

Looked a bit more at the branding age and adding a footer might not be possible. Left to T256968 to investigate that

E-mailed Scrive about Personuppgiftsbiträdesavtal

@Lokal_Profil Should I add instructions here ? (For example that the person sending out the document does not need to be added in the list of recipients to get a ping when the final person has signed).

E-mailed Scrive about Personuppgiftsbiträdesavtal

Was an appendix to the contract we signed. Updated Integritetspolicy/Personuppgiftsbiträdesavtal

@Lokal_Profil Should I add instructions here ? (For example that the person sending out the document does not need to be added in the list of recipients to get a ping when the final person has signed).

I think a Google doc is probably the best format for the general information /best practices for Scrive while it's being developed. Once this finished it should of course be moved to our wiki.

Note that this documentation is related to T257023: Create internal documentation on Scrive use rather than this task.

Looked a bit more at the branding age and adding a footer might not be possible. Left to T256968 to investigate that

Asked Scrive abut this

Looked a bit more at the branding age and adding a footer might not be possible. Left to T256968 to investigate that

Asked Scrive abut this

Scrive confirmed that this is not possible but will check with Legal if there is an underlying reason for that.

some overlap with T257023: Create internal documentation on Scrive use but one things which is needed is a routine for moving documents off Scrive, and an instruction in the data purge document which boils down to checking that this has been done.

Looked a bit more at the branding age and adding a footer might not be possible. Left to T256968 to investigate that

Asked Scrive abut this

Scrive confirmed that this is not possible but will check with Legal if there is an underlying reason for that.

New reply

Pardon the late reply. We are not able to change the information in the footer. What you can do instead is to include the privacy statement in the invitation message to the customer (Other settings > Invitation message).

While it is not possible to add such a text as a global setting, you can add it to a template and set that as the standard template for any new documents.

Suggested Invitation message footer (with [AT] exchanged for @):

Detta e-post skickades till dig via Scrive. SOm en del av beviskedjan spåras data om huruvida e-posten har mottagits, öppnats och några länkar har besökts. Om du väljer att inte signera dokumentet can du begära att denna data raderas genom att kontakta integritet[AT]wikimedia.se. I annat fall behandlas denna data i enlighet med vår Integritetspolicy (https://se.wikimedia.org/wiki/Integritetspolicy).
---
This e-mail is sent to you via Scrive. As part of the evidence chain data about whether the e-mail was received, opened and any links were visited will be tracked. If you choose not to sign the document you can request that this data be deleted by contacting integritet[AT]wikimedia.se. Otherwise this data will be handled in accordance with our Privacy policy (https://se.wikimedia.org/wiki/Integritetspolicy).

@Historiker @Jopparn @Jenny_Brandt_WMSE does it look ok to you?

Thanks. There are two typos in the Swedish text ("SOm" instead of "Som" and "can" instead of "kan"). Below is a version with the two typos corrected:

Detta e-post skickades till dig via Scrive. Som en del av beviskedjan spåras data om huruvida e-posten har mottagits, öppnats och några länkar har besökts. Om du väljer att inte signera dokumentet kan du begära att denna data raderas genom att kontakta integritet[AT]wikimedia.se. I annat fall behandlas denna data i enlighet med vår Integritetspolicy (https://se.wikimedia.org/wiki/Integritetspolicy).
---
This e-mail is sent to you via Scrive. As part of the evidence chain data about whether the e-mail was received, opened and any links were visited will be tracked. If you choose not to sign the document you can request that this data be deleted by contacting integritet[AT]wikimedia.se. Otherwise this data will be handled in accordance with our Privacy policy (https://se.wikimedia.org/wiki/Integritetspolicy).
  • Consider if we need to add an entry to Registerförteckning och rensningsrutiner.

Many thanks.

I've created a base template Dokumentmall med Integritetspolicylänk with this text. Now we just need to remeber to alwasy use this for any new documents

@Jenny_Brandt_WMSE I assume you are using a template for the autogiro? If so It hasn't been marked as shared? (look in E-arkiv->Mallar) so I cannot add the text to it. The same goes for any other templates in use.
@Jopparn A ping for you as well in case you have any templates which you make use of.

I've also added the text to https://se.wikimedia.org/wiki/Integritetspolicy/Samtycke

  • Ensure recipients are made aware of any personal data which gets stored by the system.

T257023: Create internal documentation on Scrive use Will be looking at a routine for moving signed documents off Scrive. Once this is set we need to

  1. Set up https://scrive.com/account#data-retention, to e.g. deleting drafts, rejected, unsigned document after a certain time
  2. Add an entry to Registerförteckning och rensningsrutiner describing both the automated purging and the manual document offboarding described in the routine.